The IT world is built around acronyms, terms, phrases, sayings and even though there is a purpose to the definitions the use of the lingo is use incorrectly more often than not. The main reason is the job postings, marketing publications, blog posts are written by people that do not have IT backgrounds. So on the surface interchanging one word make look the same but can change the definition greatly.
One of the more broad terms that is constantly flipped back and forth is in the security space and the terms Information Security and IT Security. On the surface its security and some places may be posting for IT Security folks and others are looking for Information Security folks but the job descriptions and responsibilities don’t match.
When you think about the people that are looking for new opportunities, reading blog posts for research or looking for new business partnerships, those people do have the IT background and experience. If you are not writing to them they will see that as a lack of knowledge, not take you seriously, and move on.
Here’s the best way to differentiate Information Security and IT Security.
IT Security – Also known as Computer Security or Cybersecurity is the protection of the physical information systems from theft, damage to hardware, software, and preventing the disruption of services. It includes physical access controls, network access controls, and operational controls. Simply – Technical and tactical.
Information Security – Also known as InfoSec is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction. Where the information resides is irrelevant, InfoSec scope is all information whether stored on a system or in physical/paper form. Simply – Procedural and Strategic.
|Information Security||IT Security|
|Security Frameworks||Hardware Hardening|
|Policy Development||Incident Reponse|
|Security Awareness Training||Firewalls|
|Risk Analysis||Vulnerability Scans|
|Data Privacy||Penetration Testing|
|Regulatory Compliance||Access Controls|
|Governance Models||Network Security|
|Enterprise View||System View|
As you can see Information Security and IT Security are not the same and when the terms are used interchangeably the experienced IT communities will see right through that.
It also comes into play from your Enterprise Security programs to understand where IT Security ends and Information Security begins as skill sets, processes and involvement from cross-functional departments benefit from knowing what’s the tactical technical approaches and what is procedural and strategic.
End of Line.
Binary Blogger has spent 20 years in the Information Security space currently providing security solutions and evangelism to clients. From early web application programming, system administration, senior management to enterprise consulting I provide practical security analysis and solutions to help companies and individuals figure out HOW to be secure every day.